From ca633d72b3f17a52dae26e0fe9f24e89013fcf46 Mon Sep 17 00:00:00 2001 From: Jakub Schier Date: Wed, 25 Sep 2024 13:45:25 +0200 Subject: [PATCH 1/3] fix ci-cd --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d4f5606..b49b3b1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,8 +10,8 @@ Azure master: only: - main script: - - apk update - - apk add xz + - yum update -y + - yum install tar xz -y - tar cf /tmp/asab-maestro-library.tar --exclude='.git' --exclude='./.git' --exclude='./.gitignore' --exclude='./.gitlab-ci.yml' --exclude='./README.md' --exclude='./CHANGELOG' --exclude='./CONTRIBUTING.md' --exclude='./LICENSE' . - xz -9 -e -T 0 /tmp/asab-maestro-library.tar - mv /tmp/asab-maestro-library.tar.xz asab-maestro-library.tar.xz @@ -35,8 +35,8 @@ Azure branch: - production - main script: - - apk update - - apk add xz + - yum update -y + - yum install tar xz -y - echo ${CI_COMMIT_BRANCH} - tar cf /tmp/asab-maestro-library.tar --exclude='.git' --exclude='./.git' --exclude='./.gitignore' --exclude='./.gitlab-ci.yml' --exclude='./README.md' --exclude='./CHANGELOG' --exclude='./CONTRIBUTING.md' --exclude='./LICENSE' . @@ -68,8 +68,8 @@ Azure tag: - branches script: - - apk update - - apk add xz + - yum update -y + - yum install tar xz -y - echo ${CI_COMMIT_REF_NAME} - tar cf /tmp/asab-maestro-library.tar --exclude='.git' --exclude='./.git' --exclude='./.gitignore' --exclude='./.gitlab-ci.yml' --exclude='./README.md' --exclude='./CHANGELOG' --exclude='./CONTRIBUTING.md' --exclude='./LICENSE' . - xz -9 -e -T 0 /tmp/asab-maestro-library.tar From ec3271445313f1983cd77283e6a4c660ca83eb36 Mon Sep 17 00:00:00 2001 From: Jakub Schier Date: Thu, 17 Oct 2024 20:09:52 +0200 Subject: [PATCH 2/3] influxdb non admin token --- Site/ASAB Maestro/Descriptors/influxdb.yaml | 17 +++++++++ .../Files/influxdb/influx-init.sh | 36 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100755 Site/ASAB Maestro/Files/influxdb/influx-init.sh diff --git a/Site/ASAB Maestro/Descriptors/influxdb.yaml b/Site/ASAB Maestro/Descriptors/influxdb.yaml index e9db945..76b33da 100644 --- a/Site/ASAB Maestro/Descriptors/influxdb.yaml +++ b/Site/ASAB Maestro/Descriptors/influxdb.yaml @@ -40,6 +40,23 @@ nginx: - rewrite ^/influxdb/(.*) /$1 break - proxy_pass http://upstream-influxdb +sherpas: + # Sherpas containers: akin to their namesake mountain guides, these containers provide essential support and guidance throughout the application's lifecycle. + # provide a name to your sherpa and a descriptor for its very own container. + init: + image: infuxdb:{{ VERSIONS["influxdb"] }} + entrypoint: ["bash", "/script/influx-init.sh"] + command: ["echo", "DONE"] + volumes: + - "{{SITE}}/{{INSTANCE_ID}}/script:/script:ro" + depends_on: ["{{INSTANCE_ID}}"] + environment: + MONGO_HOSTNAMES: "{{MONGO_HOSTNAMES}}" + +files: + - "script/influx-init.sh" + # - "script/replica-set.json" will be added by ASAB Remote Control / Mongo Tech + # Exposure of InfluxDB on the public HTTPS is disabled b/c there is no authorization introspection available # https: # location /influxdb: diff --git a/Site/ASAB Maestro/Files/influxdb/influx-init.sh b/Site/ASAB Maestro/Files/influxdb/influx-init.sh new file mode 100755 index 0000000..d4b30e6 --- /dev/null +++ b/Site/ASAB Maestro/Files/influxdb/influx-init.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +# Wait for InfluxDB to start +until curl -s http://{{INFLUXDB_URL}}:8086/health | grep -q '"status": "pass"'; do + echo "Waiting for InfluxDB to start..." + sleep 1 +done + +# Get the bucket ID +BUCKET_ID=$(curl -s -X GET http://{{INFLUXDB_URL}}:8086/api/v2/buckets -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.buckets[] | select(.name=="{{BUCKET_NAME}}") | .id') +# Get the org ID +ORG_ID=$(curl -s -X GET http://{{INFLUXDB_URL}}:8086/api/v2/orgs -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.orgs[] | select(.name=="{{ORG_NAME}}") | .id') + +# Get the user ID +USER_ID=$(curl -s -X GET http://{{INFLUXDB_URL}}:8086/api/v2/users -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.users[] | select(.name=="{{USER_NAME}}") | .id') + +# Create the non-admin token using the InfluxDB API v2 +curl -X POST http://{{INFLUXDB_URL}}:8086/api/v2/authorizations \ + -H "Authorization: Token {{INFLUXDB_TOKEN}}" \ + -H "Accept: application/json" \ + -H "Content-Type: application/json" \ + -d '{ + "description": "Non-admin user with write access", + "orgID": "'"$ORG_ID"'", + "permissions": [ + { + "action": "write", + "resource": { + "type": "buckets", + "id": "'"$BUCKET_ID"'" + } + } + ], + "status": "active", + "userID": "'"$USER_ID"'" + }' \ No newline at end of file From c645ae7934891ca625b74585a8310e9df5695fae Mon Sep 17 00:00:00 2001 From: Jakub Schier Date: Thu, 17 Oct 2024 20:19:34 +0200 Subject: [PATCH 3/3] shuffle variables --- Site/ASAB Maestro/Descriptors/influxdb.yaml | 5 ++++- Site/ASAB Maestro/Files/influxdb/influx-init.sh | 10 +++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Site/ASAB Maestro/Descriptors/influxdb.yaml b/Site/ASAB Maestro/Descriptors/influxdb.yaml index 76b33da..69575f2 100644 --- a/Site/ASAB Maestro/Descriptors/influxdb.yaml +++ b/Site/ASAB Maestro/Descriptors/influxdb.yaml @@ -51,7 +51,10 @@ sherpas: - "{{SITE}}/{{INSTANCE_ID}}/script:/script:ro" depends_on: ["{{INSTANCE_ID}}"] environment: - MONGO_HOSTNAMES: "{{MONGO_HOSTNAMES}}" + INFLUXDB_HOSTNAME: "{{INFLUXDB_HOSTNAME}}" + DOCKER_INFLUXDB_INIT_BUCKET: "{{DOCKER_INFLUXDB_INIT_BUCKET}}" + DOCKER_INFLUXDB_INIT_ORG: "{{DOCKER_INFLUXDB_INIT_ORG}}" + DOCKER_INFLUXDB_INIT_USERNAME: "{{DOCKER_INFLUXDB_INIT_USERNAME}}" files: - "script/influx-init.sh" diff --git a/Site/ASAB Maestro/Files/influxdb/influx-init.sh b/Site/ASAB Maestro/Files/influxdb/influx-init.sh index d4b30e6..a6c9263 100755 --- a/Site/ASAB Maestro/Files/influxdb/influx-init.sh +++ b/Site/ASAB Maestro/Files/influxdb/influx-init.sh @@ -1,21 +1,21 @@ #!/bin/sh # Wait for InfluxDB to start -until curl -s http://{{INFLUXDB_URL}}:8086/health | grep -q '"status": "pass"'; do +until curl -s http://{{INFLUXDB_HOSTNAME}}:8086/health | grep -q '"status": "pass"'; do echo "Waiting for InfluxDB to start..." sleep 1 done # Get the bucket ID -BUCKET_ID=$(curl -s -X GET http://{{INFLUXDB_URL}}:8086/api/v2/buckets -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.buckets[] | select(.name=="{{BUCKET_NAME}}") | .id') +BUCKET_ID=$(curl -s -X GET http://{{INFLUXDB_HOSTNAME}}:8086/api/v2/buckets -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.buckets[] | select(.name=="{{DOCKER_INFLUXDB_INIT_BUCKET}}") | .id') # Get the org ID -ORG_ID=$(curl -s -X GET http://{{INFLUXDB_URL}}:8086/api/v2/orgs -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.orgs[] | select(.name=="{{ORG_NAME}}") | .id') +ORG_ID=$(curl -s -X GET http://{{INFLUXDB_HOSTNAME}}:8086/api/v2/orgs -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.orgs[] | select(.name=="{{DOCKER_INFLUXDB_INIT_ORG}}") | .id') # Get the user ID -USER_ID=$(curl -s -X GET http://{{INFLUXDB_URL}}:8086/api/v2/users -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.users[] | select(.name=="{{USER_NAME}}") | .id') +USER_ID=$(curl -s -X GET http://{{INFLUXDB_HOSTNAME}}:8086/api/v2/users -H 'Authorization: Token "{{INFLUXDB_TOKEN}}"' -H "Accept: application/json" | jq -r '.users[] | select(.name=="{{DOCKER_INFLUXDB_INIT_USERNAME}}") | .id') # Create the non-admin token using the InfluxDB API v2 -curl -X POST http://{{INFLUXDB_URL}}:8086/api/v2/authorizations \ +curl -X POST http://{{INFLUXDB_HOSTNAME}}:8086/api/v2/authorizations \ -H "Authorization: Token {{INFLUXDB_TOKEN}}" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \